What is a claim?

In the interests of completeness, now that we have defined “digital subject”, let's define “claim”. At the same time I will explain why I have used the word “claim” where others might have said “security assertion” or just “assertion”.

Again, according to the OED, an assertion is a “confident and forceful statement of fact or belief”. On the other hand, a claim is “an assertion of the truth of something, typically one which is disputed or in doubt”.

It is interesting that systems deriving from the X.500 and X.509 standards – including LDAP – have employed the term “attribute value assertion” (abbreviated AVA) to describe the mechanism by which the attributes of an object are presented. Those systems were thought out from the vantage point of the “administrative domain” making the assertions; Active Directory's LDAP engine was built along this model. So indeed, information is stored in the directory, which later “confidently and forcefully” presents it to the digital subjects of the domain, either through queries or associated protocols like Kerberos.

When all subjects subscribe to the same administrative authority, and the trust boundaries are extremely clear and well defined, it makes sense to employ a metaphor based on confidence and force. But in evolving from a closed domain model to an open, federated model, the situation is transformed into one where the party making an assertion and the party evaluating it may have a complex and even ambivalent relationship. In this context, assertions need always be subject to doubt – not only doubt that they have been transmitted from the sender to the recipient intact, but also doubt that they are actually true. We need to incorporate the insights of SPKI. We must always favor the vantage point of the relying party.

The word “claim” – taken as “an assertion of the truth of something which is … in doubt” – grasps the subtleties of the federated world by adding the right dose of doubt to any assertion being made, and effectively reminding us to surface this doubt in our implementation.
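
One way to surface both kinds of doubt at the relying party, as an added example that is not part of the original post: the integrity check and the decision to believe a claim are kept as two separate steps. The issuer names, keys, claim types and the `BELIEVED` policy table are hypothetical, and an HMAC stands in for a real issuer signature so the sketch needs only the standard library.

```python
import hashlib
import hmac
import json

# Constructed sample data: issuer names, keys and claim types are hypothetical.
ISSUER_KEYS = {
    "idp.partner.example": b"partner-demo-key",
    "idp.home.example": b"home-demo-key",
}

# Relying-party policy: which claim types each issuer is believed about.
BELIEVED = {
    "idp.home.example": {"email", "employee", "age_over_18"},
    "idp.partner.example": {"email"},
}


def sign(issuer, claims):
    """Issuer side: serialize the claims and attach an HMAC tag."""
    body = json.dumps({"issuer": issuer, "claims": claims}, sort_keys=True).encode()
    tag = hmac.new(ISSUER_KEYS[issuer], body, hashlib.sha256).hexdigest()
    return body, tag


def evaluate(body, tag):
    """Relying-party side: return (accepted, doubted) claim dicts.

    Doubt 1: was the message transmitted intact? Verify the tag.
    Doubt 2: is each claim actually true? Accept only what local
    policy says this issuer may be believed about.
    """
    message = json.loads(body)
    key = ISSUER_KEYS.get(message.get("issuer"))
    if key is None:
        raise ValueError("unknown issuer")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("claims were altered in transit")
    believed = BELIEVED.get(message["issuer"], set())
    accepted = {k: v for k, v in message["claims"].items() if k in believed}
    doubted = {k: v for k, v in message["claims"].items() if k not in believed}
    return accepted, doubted
```

A message that verifies cleanly can still carry claims that land in `doubted`: integrity says who said it, not whether the relying party should believe it.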